AWS v6.73.0, Mar 19 25

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

aws.wafv2.RuleGroup

Explore with Pulumi AI

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

Create RuleGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);

@overload
def RuleGroup(resource_name: str,
              args: RuleGroupArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def RuleGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              capacity: Optional[int] = None,
              custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
              description: Optional[str] = None,
              name: Optional[str] = None,
              name_prefix: Optional[str] = None,
              rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
              scope: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None,
              visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None)

func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)

public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)

public RuleGroup(String name, RuleGroupArgs args)
public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)

type: aws:wafv2:RuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

RuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The RuleGroup resource accepts the following input properties:

Capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
CustomResponseBodies List<RuleGroupCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
Description string: A friendly description of the rule group.
Name string: A friendly name of the rule group.
NamePrefix string
Rules List<RuleGroupRule>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
Tags Dictionary<string, string>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig RuleGroupVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
CustomResponseBodies []RuleGroupCustomResponseBodyArgs: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
Description string: A friendly description of the rule group.
Name string: A friendly name of the rule group.
NamePrefix string
Rules []RuleGroupRuleArgs: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
Tags map[string]string: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity Integer: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
customResponseBodies List<RuleGroupCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description String: A friendly description of the rule group.
name String: A friendly name of the rule group.
namePrefix String
rules List<RuleGroupRule>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
tags Map<String,String>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity number: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
customResponseBodies RuleGroupCustomResponseBody[]: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description string: A friendly description of the rule group.
name string: A friendly name of the rule group.
namePrefix string
rules RuleGroupRule[]: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
tags {[key: string]: string}: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibility_config RuleGroupVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description str: A friendly description of the rule group.
name str: A friendly name of the rule group.
name_prefix str
rules Sequence[RuleGroupRuleArgs]: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
tags Mapping[str, str]: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity Number: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description String: A friendly description of the rule group.
name String: A friendly name of the rule group.
namePrefix String
rules List<Property Map>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
tags Map<String>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:

Arn string: The ARN of the WAF rule group.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: The ARN of the WAF rule group.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN of the WAF rule group.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: The ARN of the WAF rule group.
id string: The provider-assigned unique ID for this managed resource.
lockToken string
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: The ARN of the WAF rule group.
id str: The provider-assigned unique ID for this managed resource.
lock_token str
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN of the WAF rule group.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing RuleGroup Resource

Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RuleGroupState, opts?: CustomResourceOptions): RuleGroup

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        capacity: Optional[int] = None,
        custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
        description: Optional[str] = None,
        lock_token: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
        scope: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None) -> RuleGroup

func GetRuleGroup(ctx *Context, name string, id IDInput, state *RuleGroupState, opts ...ResourceOption) (*RuleGroup, error)

public static RuleGroup Get(string name, Input<string> id, RuleGroupState? state, CustomResourceOptions? opts = null)

public static RuleGroup get(String name, Output<String> id, RuleGroupState state, CustomResourceOptions options)

resources:  _:    type: aws:wafv2:RuleGroup    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The ARN of the WAF rule group.
Capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
CustomResponseBodies List<RuleGroupCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
Description string: A friendly description of the rule group.
LockToken string
Name string: A friendly name of the rule group.
NamePrefix string
Rules List<RuleGroupRule>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags Dictionary<string, string>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VisibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

Arn string: The ARN of the WAF rule group.
Capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
CustomResponseBodies []RuleGroupCustomResponseBodyArgs: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
Description string: A friendly description of the rule group.
LockToken string
Name string: A friendly name of the rule group.
NamePrefix string
Rules []RuleGroupRuleArgs: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags map[string]string: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VisibilityConfig RuleGroupVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn String: The ARN of the WAF rule group.
capacity Integer: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
customResponseBodies List<RuleGroupCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description String: A friendly description of the rule group.
lockToken String
name String: A friendly name of the rule group.
namePrefix String
rules List<RuleGroupRule>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String,String>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
visibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn string: The ARN of the WAF rule group.
capacity number: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
customResponseBodies RuleGroupCustomResponseBody[]: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description string: A friendly description of the rule group.
lockToken string
name string: A friendly name of the rule group.
namePrefix string
rules RuleGroupRule[]: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags {[key: string]: string}: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
visibilityConfig RuleGroupVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn str: The ARN of the WAF rule group.
capacity int: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description str: A friendly description of the rule group.
lock_token str
name str: A friendly name of the rule group.
name_prefix str
rules Sequence[RuleGroupRuleArgs]: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Mapping[str, str]: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
visibility_config RuleGroupVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn String: The ARN of the WAF rule group.
capacity Number: The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.
description String: A friendly description of the rule group.
lockToken String
name String: A friendly name of the rule group.
namePrefix String
rules List<Property Map>: The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String>: An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

Supporting Types

Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

RuleGroupCustomResponseBody, RuleGroupCustomResponseBodyArgs

Content string: The payload of the custom response.
ContentType string: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

Content string: The payload of the custom response.
ContentType string: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content String: The payload of the custom response.
contentType String: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content string: The payload of the custom response.
contentType string: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key string: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content str: The payload of the custom response.
content_type str: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key str: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content String: The payload of the custom response.
contentType String: The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

RuleGroupRule, RuleGroupRuleArgs

Action RuleGroupRuleAction: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
Name string: A friendly name of the rule.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement RuleGroupRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
VisibilityConfig RuleGroupRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
CaptchaConfig RuleGroupRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
RuleLabels List<RuleGroupRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

Action RuleGroupRuleAction: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
Name string: A friendly name of the rule.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement RuleGroupRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
VisibilityConfig RuleGroupRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
CaptchaConfig RuleGroupRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
RuleLabels []RuleGroupRuleRuleLabel: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
name String: A friendly name of the rule.
priority Integer: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement RuleGroupRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
visibilityConfig RuleGroupRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
captchaConfig RuleGroupRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
ruleLabels List<RuleGroupRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
name string: A friendly name of the rule.
priority number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement RuleGroupRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
visibilityConfig RuleGroupRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
captchaConfig RuleGroupRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
ruleLabels RuleGroupRuleRuleLabel[]: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
name str: A friendly name of the rule.
priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement RuleGroupRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
visibility_config RuleGroupRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
captcha_config RuleGroupRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
rule_labels Sequence[RuleGroupRuleRuleLabel]: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action Property Map: The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.
name String: A friendly name of the rule.
priority Number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement Property Map: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
ruleLabels List<Property Map>: Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

RuleGroupRuleAction, RuleGroupRuleActionArgs

Allow RuleGroupRuleActionAllow: Instructs AWS WAF to allow the web request. See Allow below for details.
Block RuleGroupRuleActionBlock: Instructs AWS WAF to block the web request. See Block below for details.
Captcha RuleGroupRuleActionCaptcha: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
Challenge RuleGroupRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
Count RuleGroupRuleActionCount: Instructs AWS WAF to count the web request and allow it. See Count below for details.

Allow RuleGroupRuleActionAllow: Instructs AWS WAF to allow the web request. See Allow below for details.
Block RuleGroupRuleActionBlock: Instructs AWS WAF to block the web request. See Block below for details.
Captcha RuleGroupRuleActionCaptcha: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
Challenge RuleGroupRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
Count RuleGroupRuleActionCount: Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow: Instructs AWS WAF to allow the web request. See Allow below for details.
block RuleGroupRuleActionBlock: Instructs AWS WAF to block the web request. See Block below for details.
captcha RuleGroupRuleActionCaptcha: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
challenge RuleGroupRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
count RuleGroupRuleActionCount: Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow: Instructs AWS WAF to allow the web request. See Allow below for details.
block RuleGroupRuleActionBlock: Instructs AWS WAF to block the web request. See Block below for details.
captcha RuleGroupRuleActionCaptcha: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
challenge RuleGroupRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
count RuleGroupRuleActionCount: Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow: Instructs AWS WAF to allow the web request. See Allow below for details.
block RuleGroupRuleActionBlock: Instructs AWS WAF to block the web request. See Block below for details.
captcha RuleGroupRuleActionCaptcha: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
challenge RuleGroupRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
count RuleGroupRuleActionCount: Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow Property Map: Instructs AWS WAF to allow the web request. See Allow below for details.
block Property Map: Instructs AWS WAF to block the web request. See Block below for details.
captcha Property Map: Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.
challenge Property Map: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
count Property Map: Instructs AWS WAF to count the web request and allow it. See Count below for details.

RuleGroupRuleActionAllow, RuleGroupRuleActionAllowArgs

CustomRequestHandling RuleGroupRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionAllowCustomRequestHandling, RuleGroupRuleActionAllowCustomRequestHandlingArgs

InsertHeaders List<RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader, RuleGroupRuleActionAllowCustomRequestHandlingInsertHeaderArgs

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

name string: A friendly name of the rule group.
value string: The value of the custom header.

name str: A friendly name of the rule group.
value str: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

RuleGroupRuleActionBlock, RuleGroupRuleActionBlockArgs

CustomResponse RuleGroupRuleActionBlockCustomResponse: Defines a custom response for the web request. See Custom Response below for details.

CustomResponse RuleGroupRuleActionBlockCustomResponse: Defines a custom response for the web request. See Custom Response below for details.

customResponse RuleGroupRuleActionBlockCustomResponse: Defines a custom response for the web request. See Custom Response below for details.

customResponse RuleGroupRuleActionBlockCustomResponse: Defines a custom response for the web request. See Custom Response below for details.

custom_response RuleGroupRuleActionBlockCustomResponse: Defines a custom response for the web request. See Custom Response below for details.

customResponse Property Map: Defines a custom response for the web request. See Custom Response below for details.

RuleGroupRuleActionBlockCustomResponse, RuleGroupRuleActionBlockCustomResponseArgs

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders List<RuleGroupRuleActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders []RuleGroupRuleActionBlockCustomResponseResponseHeader: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode Integer: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<RuleGroupRuleActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode number: The HTTP status code to return to the client.
customResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders RuleGroupRuleActionBlockCustomResponseResponseHeader[]: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

response_code int: The HTTP status code to return to the client.
custom_response_body_key str: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
response_headers Sequence[RuleGroupRuleActionBlockCustomResponseResponseHeader]: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode Number: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<Property Map>: The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

RuleGroupRuleActionBlockCustomResponseResponseHeader, RuleGroupRuleActionBlockCustomResponseResponseHeaderArgs

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

name string: A friendly name of the rule group.
value string: The value of the custom header.

name str: A friendly name of the rule group.
value str: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

RuleGroupRuleActionCaptcha, RuleGroupRuleActionCaptchaArgs

CustomRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionCaptchaCustomRequestHandling, RuleGroupRuleActionCaptchaCustomRequestHandlingArgs

InsertHeaders List<RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader, RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

name string: A friendly name of the rule group.
value string: The value of the custom header.

name str: A friendly name of the rule group.
value str: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

RuleGroupRuleActionChallenge, RuleGroupRuleActionChallengeArgs

CustomRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionChallengeCustomRequestHandling, RuleGroupRuleActionChallengeCustomRequestHandlingArgs

InsertHeaders List<RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader, RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

name string: A friendly name of the rule group.
value string: The value of the custom header.

name str: A friendly name of the rule group.
value str: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

RuleGroupRuleActionCount, RuleGroupRuleActionCountArgs

CustomRequestHandling RuleGroupRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionCountCustomRequestHandling, RuleGroupRuleActionCountCustomRequestHandlingArgs

InsertHeaders List<RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionCountCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionCountCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionCountCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionCountCustomRequestHandlingInsertHeader, RuleGroupRuleActionCountCustomRequestHandlingInsertHeaderArgs

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

Name string: A friendly name of the rule group.
Value string: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

name string: A friendly name of the rule group.
value string: The value of the custom header.

name str: A friendly name of the rule group.
value str: The value of the custom header.

name String: A friendly name of the rule group.
value String: The value of the custom header.

RuleGroupRuleCaptchaConfig, RuleGroupRuleCaptchaConfigArgs

ImmunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See Immunity Time Property below for details.

ImmunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty RuleGroupRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See Immunity Time Property below for details.

immunity_time_property RuleGroupRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See Immunity Time Property below for details.

RuleGroupRuleCaptchaConfigImmunityTimeProperty, RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

RuleGroupRuleRuleLabel, RuleGroupRuleRuleLabelArgs

Name string: The label string.

Name string: The label string.

name String: The label string.

name string: The label string.

name str: The label string.

name String: The label string.

RuleGroupRuleStatement, RuleGroupRuleStatementArgs

AndStatement RuleGroupRuleStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
ByteMatchStatement RuleGroupRuleStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
GeoMatchStatement RuleGroupRuleStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
IpSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
LabelMatchStatement RuleGroupRuleStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
NotStatement RuleGroupRuleStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
OrStatement RuleGroupRuleStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
RateBasedStatement RuleGroupRuleStatementRateBasedStatement: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
RegexMatchStatement RuleGroupRuleStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
RegexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
SizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
SqliMatchStatement RuleGroupRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
XssMatchStatement RuleGroupRuleStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

AndStatement RuleGroupRuleStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
ByteMatchStatement RuleGroupRuleStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
GeoMatchStatement RuleGroupRuleStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
IpSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
LabelMatchStatement RuleGroupRuleStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
NotStatement RuleGroupRuleStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
OrStatement RuleGroupRuleStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
RateBasedStatement RuleGroupRuleStatementRateBasedStatement: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
RegexMatchStatement RuleGroupRuleStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
RegexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
SizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
SqliMatchStatement RuleGroupRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
XssMatchStatement RuleGroupRuleStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement RuleGroupRuleStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement RuleGroupRuleStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement RuleGroupRuleStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement RuleGroupRuleStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement RuleGroupRuleStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
rateBasedStatement RuleGroupRuleStatementRateBasedStatement: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
regexMatchStatement RuleGroupRuleStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement RuleGroupRuleStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement RuleGroupRuleStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement RuleGroupRuleStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement RuleGroupRuleStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement RuleGroupRuleStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement RuleGroupRuleStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
rateBasedStatement RuleGroupRuleStatementRateBasedStatement: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
regexMatchStatement RuleGroupRuleStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement RuleGroupRuleStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

and_statement RuleGroupRuleStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byte_match_statement RuleGroupRuleStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geo_match_statement RuleGroupRuleStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ip_set_reference_statement RuleGroupRuleStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
label_match_statement RuleGroupRuleStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
not_statement RuleGroupRuleStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
or_statement RuleGroupRuleStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
rate_based_statement RuleGroupRuleStatementRateBasedStatement: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
regex_match_statement RuleGroupRuleStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regex_pattern_set_reference_statement RuleGroupRuleStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
size_constraint_statement RuleGroupRuleStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqli_match_statement RuleGroupRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xss_match_statement RuleGroupRuleStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement Property Map: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement Property Map: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement Property Map: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement Property Map: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement Property Map: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement Property Map: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement Property Map: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
rateBasedStatement Property Map: A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.
regexMatchStatement Property Map: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement Property Map: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement Property Map: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement Property Map: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement Property Map: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

RuleGroupRuleStatementAndStatement, RuleGroupRuleStatementAndStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementByteMatchStatement, RuleGroupRuleStatementByteMatchStatementArgs

PositionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations List<RuleGroupRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

PositionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations []RuleGroupRuleStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<RuleGroupRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations RuleGroupRuleStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positional_constraint str: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
search_string str: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
text_transformations Sequence[RuleGroupRuleStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementByteMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementGeoMatchStatement, RuleGroupRuleStatementGeoMatchStatementArgs

CountryCodes List<string>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

CountryCodes []string: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes string[]: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

country_codes Sequence[str]: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwarded_ip_config RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig Property Map: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: The name of the HTTP header to use for the IP address.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

RuleGroupRuleStatementIpSetReferenceStatement, RuleGroupRuleStatementIpSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn str: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ip_set_forwarded_ip_config RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig Property Map: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.
Position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.
Position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.
position String: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: The name of the HTTP header to use for the IP address.
position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: The name of the HTTP header to use for the IP address.
position str: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.
position String: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

RuleGroupRuleStatementLabelMatchStatement, RuleGroupRuleStatementLabelMatchStatementArgs

Key string: The string to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string: The string to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: The string to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string: The string to match against.
scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str: The string to match against.
scope str: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: The string to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

RuleGroupRuleStatementNotStatement, RuleGroupRuleStatementNotStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementOrStatement, RuleGroupRuleStatementOrStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementRateBasedStatement, RuleGroupRuleStatementRateBasedStatementArgs

Limit int

The limit on requests per 5-minute period for a single originating IP address.

AggregateKeyType string

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

CustomKeys List<RuleGroupRuleStatementRateBasedStatementCustomKey>

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

EvaluationWindowSec int

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.

ScopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement

An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If aggregate_key_type is set to CONSTANT, this block is required.

Limit int

The limit on requests per 5-minute period for a single originating IP address.

AggregateKeyType string

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

CustomKeys []RuleGroupRuleStatementRateBasedStatementCustomKey

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

EvaluationWindowSec int

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig

ScopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement

limit Integer

The limit on requests per 5-minute period for a single originating IP address.

aggregateKeyType String

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

customKeys List<RuleGroupRuleStatementRateBasedStatementCustomKey>

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

evaluationWindowSec Integer

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

forwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig

scopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement

limit number

The limit on requests per 5-minute period for a single originating IP address.

aggregateKeyType string

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

customKeys RuleGroupRuleStatementRateBasedStatementCustomKey[]

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

evaluationWindowSec number

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

forwardedIpConfig RuleGroupRuleStatementRateBasedStatementForwardedIpConfig

scopeDownStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatement

limit int

The limit on requests per 5-minute period for a single originating IP address.

aggregate_key_type str

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

custom_keys Sequence[RuleGroupRuleStatementRateBasedStatementCustomKey]

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

evaluation_window_sec int

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

forwarded_ip_config RuleGroupRuleStatementRateBasedStatementForwardedIpConfig

scope_down_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatement

limit Number

The limit on requests per 5-minute period for a single originating IP address.

aggregateKeyType String

Setting that indicates how to aggregate the request counts. Valid values include: CONSTANT, CUSTOM_KEYS, FORWARDED_IP or IP. Default: IP.

customKeys List<Property Map>

Aggregate the request counts using one or more web request components as the aggregate keys. See custom_key below for details.

evaluationWindowSec Number

The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are 60, 120, 300, and 600. Defaults to 300 (5 minutes).

NOTE: This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.

forwardedIpConfig Property Map

scopeDownStatement Property Map

RuleGroupRuleStatementRateBasedStatementCustomKey, RuleGroupRuleStatementRateBasedStatementCustomKeyArgs

Cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
ForwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
Header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
HttpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
Ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
LabelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
QueryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
QueryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
UriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

Cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
ForwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
Header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
HttpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
Ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
LabelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
QueryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
QueryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
UriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
forwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
httpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
labelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
queryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
queryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
uriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
forwardedIp RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
httpMethod RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
labelNamespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
queryArgument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
queryString RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
uriPath RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

cookie RuleGroupRuleStatementRateBasedStatementCustomKeyCookie: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
forwarded_ip RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
header RuleGroupRuleStatementRateBasedStatementCustomKeyHeader: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
http_method RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
ip RuleGroupRuleStatementRateBasedStatementCustomKeyIp: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
label_namespace RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
query_argument RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
query_string RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
uri_path RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

cookie Property Map: (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit cookie below for details.
forwardedIp Property Map: (Optional) Use the first IP address in an HTTP header as an aggregate key. See forwarded_ip below for details.
header Property Map: (Optional) Use the value of a header in the request as an aggregate key. See RateLimit header below for details.
httpMethod Property Map: (Optional) Use the request's HTTP method as an aggregate key. See RateLimit http_method below for details.
ip Property Map: (Optional) Use the request's originating IP address as an aggregate key. See RateLimit ip below for details.
ja3Fingerprint Property Map: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
ja4Fingerprint Property Map: (Optional) Use the JA3 fingerprint in the request as an aggregate key. See RateLimit ip below for details.
labelNamespace Property Map: (Optional) Use the specified label namespace as an aggregate key. See RateLimit label_namespace below for details.
queryArgument Property Map: (Optional) Use the specified query argument as an aggregate key. See RateLimit query_argument below for details.
queryString Property Map: (Optional) Use the request's query string as an aggregate key. See RateLimit query_string below for details.
uriPath Property Map: (Optional) Use the request's URI path as an aggregate key. See RateLimit uri_path below for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyCookie, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieArgs

Name string: A friendly name of the rule group.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

Name string: A friendly name of the rule group.
TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name string: A friendly name of the rule group.
textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name str: A friendly name of the rule group.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementCustomKeyHeader, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderArgs

Name string: A friendly name of the rule group.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

Name string: A friendly name of the rule group.
TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name string: A friendly name of the rule group.
textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name str: A friendly name of the rule group.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementCustomKeyJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementCustomKeyJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace, RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespaceArgs

Namespace string: The namespace to use for aggregation

Namespace string: The namespace to use for aggregation

namespace String: The namespace to use for aggregation

namespace string: The namespace to use for aggregation

namespace str: The namespace to use for aggregation

namespace String: The namespace to use for aggregation

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentArgs

Name string: A friendly name of the rule group.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

Name string: A friendly name of the rule group.
TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name string: A friendly name of the rule group.
textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name str: A friendly name of the rule group.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

name String: A friendly name of the rule group.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringArgs

TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathArgs

TextTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

TextTransformations []RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations List<RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details.

RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementForwardedIpConfigArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: The name of the HTTP header to use for the IP address.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

RuleGroupRuleStatementRateBasedStatementScopeDownStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementArgs

AndStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
ByteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
GeoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
IpSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
LabelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
NotStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
OrStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
RegexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
RegexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
SizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
SqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
XssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

AndStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
ByteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
GeoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
IpSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
LabelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
NotStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
OrStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
RegexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
RegexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
SizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
SqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
XssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
regexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
regexMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

and_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byte_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geo_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ip_set_reference_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
label_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
not_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
or_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
regex_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regex_pattern_set_reference_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
size_constraint_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqli_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xss_match_statement RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement Property Map: A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.
byteMatchStatement Property Map: A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.
geoMatchStatement Property Map: A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.
ipSetReferenceStatement Property Map: A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
labelMatchStatement Property Map: A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.
notStatement Property Map: A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.
orStatement Property Map: A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.
regexMatchStatement Property Map: A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.
regexPatternSetReferenceStatement Property Map: A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
sizeConstraintStatement Property Map: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.
sqliMatchStatement Property Map: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.
xssMatchStatement Property Map: A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementArgs

PositionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

PositionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint string: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString string: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positional_constraint str: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
search_string str: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String: The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs

CountryCodes List<string>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

CountryCodes []string: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes string[]: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

country_codes Sequence[str]: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwarded_ip_config RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>: An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig Property Map: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: The name of the HTTP header to use for the IP address.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: The name of the HTTP header to use for the IP address.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn str: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ip_set_forwarded_ip_config RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig Property Map: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.
Position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: The name of the HTTP header to use for the IP address.
Position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.
position String: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: The name of the HTTP header to use for the IP address.
position string: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: The name of the HTTP header to use for the IP address.
position str: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: The name of the HTTP header to use for the IP address.
position String: The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatementArgs

Key string: The string to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string: The string to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: The string to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string: The string to match against.
scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str: The string to match against.
scope str: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: The string to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatementArgs

Statements List<RuleGroupRuleStatement>: The statements to combine.

Statements []RuleGroupRuleStatement: The statements to combine.

statements List<RuleGroupRuleStatement>: The statements to combine.

statements RuleGroupRuleStatement[]: The statements to combine.

statements Sequence[RuleGroupRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementArgs

RegexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RegexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regex_string str: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn str: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementArgs

ComparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

ComparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator String: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Integer: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size number: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparison_operator str: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator String: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Number: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementArgs

TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
SensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
SensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
sensitivityLevel String: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
sensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
sensitivity_level str: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.
sensitivityLevel String: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementArgs

TextTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

TextTransformations []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

textTransformations List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

textTransformations RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

text_transformations Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation, RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRegexMatchStatement, RuleGroupRuleStatementRegexMatchStatementArgs

RegexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
TextTransformations List<RuleGroupRuleStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RegexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
TextTransformations []RuleGroupRuleStatementRegexMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations List<RuleGroupRuleStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString string: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations RuleGroupRuleStatementRegexMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regex_string str: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
text_transformations Sequence[RuleGroupRuleStatementRegexMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String: The string representing the regular expression. Note: The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See AWS WAF quotas for details.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRegexMatchStatementFieldToMatch, RuleGroupRuleStatementRegexMatchStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRegexMatchStatementTextTransformation, RuleGroupRuleStatementRegexMatchStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementRegexPatternSetReferenceStatement, RuleGroupRuleStatementRegexPatternSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations List<RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations []RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn str: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
text_transformations Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

Name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

name string: The name of the query header to inspect. This setting must be provided as lower case characters.

name str: The name of the query header to inspect. This setting must be provided as lower case characters.

name String: The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation, RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformationArgs

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementSizeConstraintStatement, RuleGroupRuleStatementSizeConstraintStatementArgs

ComparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations List<RuleGroupRuleStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

ComparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations []RuleGroupRuleStatementSizeConstraintStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
FieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator String: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Integer: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<RuleGroupRuleStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator string: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size number: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations RuleGroupRuleStatementSizeConstraintStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch RuleGroupRuleStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparison_operator str: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size int: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
text_transformations Sequence[RuleGroupRuleStatementSizeConstraintStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
field_to_match RuleGroupRuleStatementSizeConstraintStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

comparisonOperator String: The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Number: The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatch, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs

AllQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
Headers List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
Cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
HeaderOrders []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder: Inspect the request headers. See Header Order below for details.
Headers []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader: Inspect the request headers. See Headers below for details.
Ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
Method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
SingleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
UriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect the request headers. See Header Order below for details.
headers List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
headerOrders RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder[]: Inspect the request headers. See Header Order below for details.
headers RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below for details.
ja3Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
singleQueryArgument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uriPath RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers.
cookies RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See Cookies below for details.
header_orders Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder]: Inspect the request headers. See Header Order below for details.
headers Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader]: Inspect the request headers. See Headers below for details.
ja3_fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body for details.
method RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below for details.
single_query_argument RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below for details.
uri_path RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers.
cookies Property Map: Inspect the cookies in the web request. See Cookies below for details.
headerOrders List<Property Map>: Inspect the request headers. See Header Order below for details.
headers List<Property Map>: Inspect the request headers. See Headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See Single Header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBodyArgs

OversizeHandling string

OversizeHandling string

oversizeHandling String

oversizeHandling string

oversize_handling str

oversizeHandling String

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesArgs

MatchPatterns List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderArgs

MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

pulumi/pulumi-aws

aws.wafv2.RuleGroup

On this page

On this page

Create RuleGroup Resource

Constructor syntax

Parameters

RuleGroup Resource Properties

Inputs

Outputs

Look up Existing RuleGroup Resource

Supporting Types

RuleGroupCustomResponseBody, RuleGroupCustomResponseBodyArgs

RuleGroupRule, RuleGroupRuleArgs

RuleGroupRuleAction, RuleGroupRuleActionArgs

RuleGroupRuleActionAllow, RuleGroupRuleActionAllowArgs

RuleGroupRuleActionAllowCustomRequestHandling, RuleGroupRuleActionAllowCustomRequestHandlingArgs

RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader, RuleGroupRuleActionAllowCustomRequestHandlingInsertHeaderArgs

RuleGroupRuleActionBlock, RuleGroupRuleActionBlockArgs

RuleGroupRuleActionBlockCustomResponse, RuleGroupRuleActionBlockCustomResponseArgs

RuleGroupRuleActionBlockCustomResponseResponseHeader, RuleGroupRuleActionBlockCustomResponseResponseHeaderArgs

RuleGroupRuleActionCaptcha, RuleGroupRuleActionCaptchaArgs

RuleGroupRuleActionCaptchaCustomRequestHandling, RuleGroupRuleActionCaptchaCustomRequestHandlingArgs

RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader, RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

RuleGroupRuleActionChallenge, RuleGroupRuleActionChallengeArgs

RuleGroupRuleActionChallengeCustomRequestHandling, RuleGroupRuleActionChallengeCustomRequestHandlingArgs

RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader, RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

RuleGroupRuleActionCount, RuleGroupRuleActionCountArgs

RuleGroupRuleActionCountCustomRequestHandling, RuleGroupRuleActionCountCustomRequestHandlingArgs

RuleGroupRuleActionCountCustomRequestHandlingInsertHeader, RuleGroupRuleActionCountCustomRequestHandlingInsertHeaderArgs

RuleGroupRuleCaptchaConfig, RuleGroupRuleCaptchaConfigArgs

RuleGroupRuleCaptchaConfigImmunityTimeProperty, RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs

RuleGroupRuleRuleLabel, RuleGroupRuleRuleLabelArgs

RuleGroupRuleStatement, RuleGroupRuleStatementArgs

RuleGroupRuleStatementAndStatement, RuleGroupRuleStatementAndStatementArgs

RuleGroupRuleStatementByteMatchStatement, RuleGroupRuleStatementByteMatchStatementArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementByteMatchStatementFieldToMatchArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchBodyArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder, RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

RuleGroupRuleStatementByteMatchStatementTextTransformation, RuleGroupRuleStatementByteMatchStatementTextTransformationArgs

RuleGroupRuleStatementGeoMatchStatement, RuleGroupRuleStatementGeoMatchStatementArgs

RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig, RuleGroupRuleStatementGeoMatchStatementForwardedIpConfigArgs

RuleGroupRuleStatementIpSetReferenceStatement, RuleGroupRuleStatementIpSetReferenceStatementArgs

RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

RuleGroupRuleStatementLabelMatchStatement, RuleGroupRuleStatementLabelMatchStatementArgs

RuleGroupRuleStatementNotStatement, RuleGroupRuleStatementNotStatementArgs

RuleGroupRuleStatementOrStatement, RuleGroupRuleStatementOrStatementArgs

RuleGroupRuleStatementRateBasedStatement, RuleGroupRuleStatementRateBasedStatementArgs

RuleGroupRuleStatementRateBasedStatementCustomKey, RuleGroupRuleStatementRateBasedStatementCustomKeyArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyCookie, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformationArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyHeader, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformationArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint, RuleGroupRuleStatementRateBasedStatementCustomKeyJa3FingerprintArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint, RuleGroupRuleStatementRateBasedStatementCustomKeyJa4FingerprintArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace, RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespaceArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformationArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformationArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathArgs

RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation, RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformationArgs

RuleGroupRuleStatementRateBasedStatementForwardedIpConfig, RuleGroupRuleStatementRateBasedStatementForwardedIpConfigArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatementArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs